The GNU Privacy Guard
=======================
Version 2.5 (devel)

Copyright 1997-2019 Werner Koch
Copyright 1998-2021 Free Software Foundation, Inc.
Copyright 2003-2023 g10 Code GmbH

* INTRODUCTION

GnuPG is a complete and free implementation of the OpenPGP standard
as defined by RFC4880 (also known as PGP). GnuPG enables encryption
and signing of data and communication, and features a versatile key
management system as well as access modules for public key
directories.

GnuPG, also known as GPG, is a command line tool with features for
easy integration with other applications. A wealth of frontend
applications and libraries are available that make use of GnuPG.
Starting with version 2 GnuPG provides support for S/MIME and Secure
Shell in addition to OpenPGP.

GnuPG is Free Software (meaning that it respects your freedom). It
can be freely used, modified and distributed under the terms of the
GNU General Public License.

* BUILD INSTRUCTIONS

GnuPG 2.4 depends on the following GnuPG related packages:

    npth         (https://gnupg.org/ftp/gcrypt/npth/)
    libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
    libgcrypt    (https://gnupg.org/ftp/gcrypt/libgcrypt/)
    libksba      (https://gnupg.org/ftp/gcrypt/libksba/)
    libassuan    (https://gnupg.org/ftp/gcrypt/libassuan/)

You should of course get the latest versions; the GnuPG configure
script complains if a version is not sufficient.

Several other standard libraries are also required. The configure
script prints diagnostic messages if one of these libraries is not
available and a feature will not be available.

You also need the Pinentry package for most functions of GnuPG;
however, it is not a build requirement. Pinentry is available at
https://gnupg.org/ftp/gcrypt/pinentry/ .

After building and installing the above packages in the order
given above, you may continue with GnuPG installation (you may also
just try to build GnuPG to see whether your already installed
versions are sufficient).

As with all packages, you just have to do

    mkdir build
    cd build
    ../configure
    make
    make check
    make install

The "make check" is optional but highly recommended. To run even
more tests you may add "--enable-all-tests" to the configure run.
Before running the "make install" you might need to become root.

If everything succeeds, you have a working GnuPG with support for
OpenPGP, S/MIME, ssh-agent, and smartcards.

In case of problems please ask on the gnupg-users@gnupg.org mailing
list for advice.

Instructions on how to build for Windows can be found in the file
doc/HACKING in the section "How to build an installer for Windows".
This requires some experience as a developer.

You may run

    gpgconf -L

to view the directories used by GnuPG.

To quickly build all required software without installing it, the
Speedo method may be used:

    cd build
    make -f ../build-aux/speedo.mk native

This method downloads all required libraries and does a native build
of GnuPG to PLAY/inst/. GNU make is required and you need to set
LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries.

** Specific build problems on some machines:

*** Apple OSX 10.x using XCode

On some versions the correct location of a header file can't be
detected by configure. To fix that you should run configure like
this

    ./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h

Add other options as needed.

*** Systems without a full C99 compiler

If you run into problems with your compiler complaining about dns.c
you may use

    ./configure --disable-libdns

Add other options as needed.

* RECOMMENDATIONS

** Key database daemon

Since version 2.3.0 it is possible to store the keys in an SQLite
database instead of the keyring.kbx file. This is particularly
useful for large keyrings or if many instances of gpg and gpgsm may
run concurrently. This is implemented using another daemon process,
the "keyboxd". To enable the use of the keyboxd put the option
"use-keyboxd" into the configuration file ~/.gnupg/common.conf or the
global /etc/gnupg/common.conf. See also doc/examples/common.conf.
Only public keys and X.509 certificates are managed by the keyboxd;
private keys are still stored as separate files.

Since version 2.4.1 the keyboxd will be used by default for a fresh
install; i.e. if a ~/.gnupg directory did not yet exist.

Note that there is no automatic migration; if the use-keyboxd option
is enabled, keys are not taken from pubring.kbx. To migrate existing
keys to the keyboxd do this:

1. Disable the keyboxd (remove use-keyboxd from common.conf)
2. Export all public keys
     gpg --export --export-options backup > allkeys.gpg
     gpgsm --export --armor > allcerts.crt
3. Enable the keyboxd (add use-keyboxd to common.conf)
4. Import all public keys
     gpg --import --import-options restore < allkeys.gpg
     gpgsm --import < allcerts.crt

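A check that can be run around the migration steps above, added here as an example and not part of the GnuPG README or project code: it compares the primary-key fingerprints listed by gpg before step 1 and after step 4 and prints any that are missing. The function names, file names and sample listings are assumptions constructed for illustration; gpgsm certificates are not covered.

```shell
#!/bin/sh
# Added example: confirm that no public key was lost by the keyboxd
# migration.  Listings come from "gpg --with-colons --list-keys", saved
# once before step 1 and once after step 4 (file names are assumptions).

# Print sorted primary-key fingerprints from a colon listing on stdin.
# The "fpr" record after a "pub" record holds the fingerprint in
# field 10; "fpr" records after a "sub" record are subkeys (skipped).
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    ' | sort -u
}

# Print fingerprints found in listing file $1 but missing from $2.
missing_after_migration() {
    _b=$(mktemp) || return 2
    _a=$(mktemp) || { rm -f "$_b"; return 2; }
    primary_fprs < "$1" > "$_b"
    primary_fprs < "$2" > "$_a"
    comm -23 "$_b" "$_a"
    rm -f "$_b" "$_a"
}

# Constructed sample listing: two keys, one with a subkey.
sample_before() {
    cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::111111111111111111111111AAAAAAAAAAAAAAAA:
uid:u::::1700000000::0000::Alice Example <alice@example.org>::::::::::0:
sub:u:255:18:BBBBBBBBBBBBBBBB:1700000000::::::e:::::cv25519::
fpr:::::::::222222222222222222222222BBBBBBBBBBBBBBBB:
pub:-:255:22:CCCCCCCCCCCCCCCC:1700000000:::-:::scESC:::::ed25519:::0:
fpr:::::::::333333333333333333333333CCCCCCCCCCCCCCCC:
uid:-::::1700000000::0000::Bob Example <bob@example.org>::::::::::0:
EOF
}

# Constructed listing after a faulty import: the second key is gone.
sample_after() { sample_before | sed '/^pub:-:/,$d'; }

# Usage: sh check.sh before.txt after.txt  (prints nothing when complete)
if [ "$#" -eq 2 ]; then
    missing_after_migration "$1" "$2"
fi
```

Any fingerprint printed belongs to a key that was in the old keyring but did not arrive in the keyboxd, so the import in step 4 should be repeated before the old export files are discarded.
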
In case the keyboxd is not able to start up due to a stale lockfile
created by another host, the command

    gpgconf --unlock pubring.db

can be used to remove the lock file.

** Socket directory

GnuPG uses Unix domain sockets to connect its components (on Windows
an emulation of these sockets is used). Depending on the type of
the file system, it is sometimes not possible to use the GnuPG home
directory (i.e. ~/.gnupg) as the location for the sockets. To solve
this problem GnuPG prefers the use of a per-user directory below
the /run (or /var/run) hierarchy for the sockets. It is thus
suggested to create per-user directories on system or session
startup. For example, the following snippet can be used in
/etc/rc.local to create these directories:

    [ ! -d /run/user ] && mkdir /run/user
    # One private (mode 700) directory per regular user account.
    awk -F: </etc/passwd '$3 >= 1000 && $3 < 65000 {print $3}' \
      | ( while read uid rest; do
            if [ ! -d "/run/user/$uid" ]; then
              mkdir "/run/user/$uid"
              chown "$uid" "/run/user/$uid"
              chmod 700 "/run/user/$uid"
            fi
          done )

** Conflicts with systemd socket activation

Some Linux distributions use the now-deprecated --supervised
option with gpg-agent, dirmngr, and keyboxd. The idea is that the
systemd process launches the daemons as soon as gpg or gpgsm try to
access them. However, this creates a race condition with GnuPG's
own on-demand launching of these daemons. It also conflicts with the
remote use of gpg-agent because the no-autostart feature on the remote
site will not work as expected.

Thus the recommendation is not to use the --supervised option. All
GnuPG components handle the startup of their daemons on their own.

The only problem is that for using GnuPG's ssh-agent protocol
support, the gpg-agent must have been started before ssh. This can
either be done with an ssh wrapper running

    gpg-connect-agent updatestartuptty /bye

for each new tty or by using that command directly after login when
the SSH_AUTH_SOCK environment variable, which is required anyway, is
set (see the example in the gpg-agent man page).

* DOCUMENTATION

The complete documentation is in the texinfo manual named
`gnupg.info'. Run "info gnupg" to read it. If you want a
printable copy of the manual, change to the "doc" directory and
enter "make pdf". For an HTML version enter "make html" and point your
browser to gnupg.html/index.html. Standard man pages for all
components are provided as well. An online version of the manual is
available at [[https://gnupg.org/documentation/manuals/gnupg/]] . A
version of the manual pertaining to the current development snapshot
is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] .

* Using the legacy version GnuPG 1.4

The 1.4 version of GnuPG is only intended to allow decryption of old
data material using legacy keys which are no longer supported by
GnuPG 2.x. To install both versions alongside each other, it is
suggested to rename the 1.4 version of "gpg" to "gpg1" as well as the
corresponding man page. Newer releases of the 1.4 branch will
likely do this by default.

* HOW TO GET MORE INFORMATION

A description of new features and changes since version 2.1 can be
found in the file "doc/whats-new-in-2.1.txt" and online at
"https://gnupg.org/faq/whats-new-in-2.1.html" .

    The primary WWW page is "https://gnupg.org"
    The primary FTP site is "https://gnupg.org/ftp/gcrypt/"

See [[https://gnupg.org/download/mirrors.html]] for a list of
mirrors and use them if possible. You may also find GnuPG mirrored
on some of the regular GNU mirrors.

We have some mailing lists dedicated to GnuPG:

    gnupg-announce@gnupg.org   For important announcements like new
                               versions and such stuff. This is a
                               moderated list and has very low traffic.
                               Do not post to this list.

    gnupg-users@gnupg.org      For general user discussion and
                               help.

    gnupg-devel@gnupg.org      GnuPG developers main forum.

You subscribe to one of the lists by sending mail with a subject of
"subscribe" to x-request@gnupg.org, where x is the name of the
mailing list (gnupg-announce, gnupg-users, etc.). See
https://gnupg.org/documentation/mailing-lists.html for archives
of the mailing lists.

Please direct bug reports to [[https://bugs.gnupg.org]] or post them
directly to the mailing list <gnupg-devel@gnupg.org>.

Please direct questions about GnuPG to the users mailing list or one
of the PGP newsgroups; please do not direct questions to one of the
authors directly as we are busy working on improvements and bug
fixes. The mailing lists are watched by the authors and we try to
answer questions as time allows us.

Commercial grade support for GnuPG is available; for a listing of
offers see https://gnupg.org/service.html . Maintaining and
improving GnuPG requires a lot of time. Since 2001, g10 Code GmbH,
a German company owned and headed by GnuPG's principal author Werner
Koch, has been bearing the majority of these costs.

# This file is Free Software; as a special exception the authors gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. For conditions
# of the whole package, please see the file COPYING. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Local Variables:
# mode:org
# End: